Authentication/saslauthd.conf.in

- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.

saslauthd.conf.in

/opt/zimbra/cyrus-sasl/docs/saslauthd-sample.conf

# sample saslauthd configuration file for zimbra
#
# lines beginning with `#' are treated as comments
#
# directive - zimbra_url
# type - string
# notes - mandatory
#
# the url, or a whitespace-separated list of urls that identify the zimbra
# authentication service. The urls in this list will be used by saslauthd in a
# round-robin fashion, starting with the first url in the list. If a url is
# not accessible, it will be removed from the list for an interval of time
# specified against the `zimbra_retry_interval' directive
#
zimbra_url: http://localhost:7070/service/soap/
# directive - zimbra_cert_check
# type - boolean (0/1) (y/n) (on/off) (t/f)
# notes - optional, default (on for curl >7.10, off for curl <7.10)
#
# if any url specified against zimbra_url is secure (https://), then this
# directive indicates whether the authenticity of the server's certificate
# should be verified or not, and also whether the server's certificate has
# been issued to the server. the server is the host identified by the url
# the default value is on, unless curl is at version less than 7.10, in
# which case, the default value is off
#
zimbra_cert_check: off
# directive - zimbra_cert_file
# type - string
# notes - optional
#
# if zimbra_cert_check is on, then this file indicates the name of a file
# holding one or more certificates to verify the server with.
# if zimbra_cert_check is off, then this parameter is ignored
#
zimbra_cert_file: /opt/zimbra/conf/smtpd.crt
# directive - zimbra_retry_interval
# type - integer
# notes - optional, default 600
# In case zimbra_url is a list of urls to be used for authentication, and if
# one of those urls could not be reached when its turn arrived by round-robin,
# then `zimbra_retry_interval' specifies the amount of time, in seconds, that
# saslauthd will wait before considering that url for authentication by
# round-robin (this value defaults to 600 seconds)
#
zimbra_retry_interval: 600
# directive - zimbra_connect_timeout
# type - integer
# notes - optional, default 15
#
# the maximum amount of time, in seconds, that a connection to a url is
# allowed to take. if a url (from the round-robin list) takes longer than
# this time to respond to a connection, then saslauthd will give up and
# move to the next url in the list, or fail if there are no more urls
# available in the list (this value defaults to 15 seconds)
#
zimbra_connect_timeout: 15
# directive - zimbra_timeout
# type - interger
# notes - optional, default 45
#
# the maximum amount of time, in seconds, that a url can take for responding
# to an http request made by saslauthd. if the url takes a longer time to
# respond, then saslauthd will timeout and move on to the next url in the list,
# or fail if there are no more urls in the list (default 45 seconds)
#
zimbra_timeout: 45
# directive - zimbra_dump_xml
# type - boolean (0/1) (y/n) (on/off) (t/f)
# notes - optional, default 0
#
# zimbra_dump_xml is useful for diagnostics, and will cause saslauthd to
# print the request and the response body to stdout while communicating with
# an authentication url
# use this option only when saslauthd is being run in debug mode (with the -d
# switch), in normal mode, saslauthd daemonizes and detaches itself from the
# controlling terminal and its standard input/output/error are redirected
# to /dev/null
# the default value for zimbra_dump_xml is 0, meaning false
#
zimbra_dump_xml: off
# directive - zimbra_proxy
# type - string
# notes - optional
#
# use this parameter only if saslauthd requires to use a proxy in order to
# connect to the urls specified in zimbra_url.
# in most situations, the urls specified against zimbra_url are directly
# contacted by saslauthd, and therefore zimbra_proxy is not used
# if used, this parameter should specify the proxy host name or dotted IP
# address. To specify the port number, append :[port] to the end of the
# host name. Any protocol specified by the [protocol}:// prefix will be ignored
#
# zimbra_proxy: proxyhost:proxyport